ELA-770-1 netty security update

denial of service

2023-01-16
Package: netty
Version: 1:4.1.7-2+deb9u4 (stretch)
Related CVEs: CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41915


Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.



For Debian 9 stretch, these problems have been fixed in version 1:4.1.7-2+deb9u4.

We recommend that you upgrade your netty packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.